MGASA-2018-0425

Source
https://advisories.mageia.org/MGASA-2018-0425.html
Import Source
https://advisories.mageia.org/MGASA-2018-0425.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0425
Published
2018-10-30T18:01:43Z
Modified
2018-10-30T20:46:15Z
Summary
Updated spamassassin packages fix security vulnerabilities
Details

Updated spamassassin package fixes security vulnerabilities:

A reliance on "." in @INC in one configuration script (CVE-2016-1238).

A denial of service vulnerability in which certain unclosed tags in emails cause markup to be handled incorrectly, leading to scan timeouts (CVE-2017-15705).

A potential Remote Code Execution bug with the PDFInfo plugin (CVE-2018-11780).

A local user code injection in the meta rule syntax (CVE-2018-11781).


Affected packages

Mageia:6 / spamassassin

Package

Name
spamassassin
Purl
pkg:rpm/mageia/spamassassin?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.2-1.5.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / spamassassin-rules

Package

Name
spamassassin-rules
Purl
pkg:rpm/mageia/spamassassin-rules?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.2-1.1.mga6

Ecosystem specific

{
    "section": "core"
}